I am having trouble properly configuring this AT&T 2Wire 3600HGV modem for my network. Maybe someone is aware of a different firmware for this product?

I am completely aware of how to setup the DMZ mode & router behind router setup in these boxes but that is NOT the point. (We have supported firewalled networked equipment working that has all the bells & whistles including QoS)

In the event of a factory reset of the AT&T 2Wire VDSL modem at this business, I want to properly insure the following business requirements are met:

- DHCP - OFF (at min, it appears you must leave one available?)

- WiFi - OFF (Yes this can be turned off, but bridging it always insured it was turned off in the past. ON is a security concern among just bad business i.e. conflict with other business WiFi, employees might see/use this non-content filtered WiFi, etc etc)

- & passing off internet service needs to be easy to another networked supported OUTSIDE of AT&T firewall. (I'm NOT asking for AT&T support on this, but in the bridge DSL world, this was EASY)

- if bridging this 2Wire is NOT an option, backing up the configuration settings would be a nice alternative but that is not available as well?

Bridging the old DSL modems always worked nicely but the 2Wire 3XXXHGV line appears to be the ONLY ones to support the AT&T VDSL Max Turbo speeds. 24Mbps down / 3 Mbps up which we use not only for normal business operations (credit cards, business email, web based training, etc) but this high speed is required to view onsite security video (3Mbps up) and offer customers FAST free WiFi!

AT&T U-Verse offers the right price, contract, speed, internet package & installers to properly handle our resturant locations company's data needs but I'm struggling with the their "business" support of this 2Wire VDSL modem product. We ONLY use the internet, no TV (not legally available for restaurants, yet). No Voip because POTS is our reliable backup. So it's just the internet service ...

For coverage on AT&T Uverse, we have over 50 locations lit up like a Christmas tree but sadly business support on this product is driving me nutz! Maybe because I now see this is listed under "Residential Gateway"? Is this AT&T 2Wire VDSL modem product not meant for business? Is anyone aware of another supported AT&T VDSL modem or a different 2Wire firmware available? Official AT&T support has me running in circles (AT&T U-verse support > AT&T Connecttech > AT&T Connecttech360 > AT&T U-verse support, rinse, repeat)

help?

Questions

770.1K

640

0

Responses

You may find that useful. However, be advised that you may then want to connect your older router's LAN port to a LAN port on that router, so that clients of that "access point" would be in the same network/subnet as the other clients. This isn't relavant if all you do is access the Internet directly from all devices, it would come in to play if you share printers, or otherwise do networking between devices connected to the two different access points.

Thanks Jeffer. Yes I will connect the old 160n LAN to LAN to the new 1200AC.

Do you think that connecting the 1200AC to the Gateway as a Router instead of an AP will resolve the speed degrading issue? At the moment speeds degrade on all my clients after a day or so (if leases are set to 24hrs). With the 1200AC as the DHCP server, will this resolve the issue? I know it would be your best opinion, not guaranteed, but you are an expert.

Also will the DHCP of the Gateway still be active? Will it handle leases if someone connects to it wirelessly? Seems like I would have to turn the Wireles G off on the Gateway to be sure that there are no IP conflicts. That step was not included in the original Post 2.

Well, forget all the above. I have spent 7 hours reconfiguring the Linksys as a router behind the UVG. While the procedure listed by SomeJoe777 does work, unfortunately the UVG automatically edits the IP address of the Linksys to 10.XX.XX.XX. Editing it back to 192.168.XX.XX works temporarily but it the UVG is rebooted it reedits the Linksys IP back to 10.XX. The problem with this is that my Linksys WRT160n which I want to use as an AP behind the 1200AC will not let me edit its IP address to 10.XX, only allows addresses with 192.XX so it does not work behind the 1200AC. I cannot see any workaround this. Can you suggest any solutions?

I don't know if doing this reconfiguration will help the speed; it may.

No, AT&T won't let you use 10.x.x.x/8 as your LAN side address. Frustrating, but true. However, you have a lot of choices for LAN side addressing other than 192.168.1.0/24. There is, for instance, 192.168.2.0/24 (and 3, and so on up to 255). And there are a whole lot of free addresses starting with 172.16.x.x

Award for Community Excellence 2019 Achiever**I am not an AT&T employee, and the views and opinions expressed on this forum are purely my own. Any product claim, statistic, quote, or other representation about a product or service should be verified with the manufacturer, provider, or party.

I don't know if doing this reconfiguration will help the speed; it may.

No, AT&T won't let you use 10.x.x.x/8 as your LAN side address. Frustrating, but true. However, you have a lot of choices for LAN side addressing other than 192.168.1.0/24. There is, for instance, 192.168.2.0/24 (and 3, and so on up to 255). And there are a whole lot of free addresses starting with 172.16.x.x

Actually, the reconfiguration did not help, slow speeds developed after about 12 hours on two computers. I have now reverted back to Access Point mode.

AT&T not only allows 10.x addresses, it forces the user into one if I set my own router as a router, not an AP. When I configured my router as per Post #2 (i.e., as a router, not an AP) the UVG automatically gave my router the IP address of 10.119.32.202. I could then edit that address to a 192.x or a 172.x address but the first time I rebooted the UVG it forced my router back into a 10.x address. The only address I got to stick was 10.0.0.10. Apparently if the address starts with 10 then the UVG does not change it upon a reboot. The problem with a 10.x address is that my other router, the WRT160n, does not allow me to change its address to the 10.x range. It is an older router with less features. So I am stuck, don't know what to do next. Could buy more routers but not sure it would solve the issue as it appears to be UVG FW related.

From my limited tests it seems that with longer DHCP lease time on the UVG, the longer the speeds stay stable so there must be an issue with the way the UVG handles out the leases.

Is there a FW later than the one I am using, 6.11.1.29-enh.tm ? This is the original FW that came with the 3801 gateway and it is now 2+ years old. Can I install a newer version?

6.11.1.29-plus.tm is the same firmware version I have, and it has been updated several times in the years since I got my Gateway. What I can track down in terms of history.

In October 2014, a user reported the then current version was 6.11.1.29

in October 2013 they released 6.9.1.42-plus.tm

in February 2012 the released 6.3.7.50-plus.tm

in December 2010 they released 6.3.7.25-plus.tm, before that it was 6.3.5.19-plus.tm

So, looks like you've hit the era of stability for this platform.

You're not supposed to be able to set a LAN side subnet of 10.x.x.x on the AT&T gateways. Several people have complained about that. Not sure how you're able to. You might consider resetting your Gateway to factory settings.

Award for Community Excellence 2019 Achiever**I am not an AT&T employee, and the views and opinions expressed on this forum are purely my own. Any product claim, statistic, quote, or other representation about a product or service should be verified with the manufacturer, provider, or party.

You're not supposed to be able to set a LAN side subnet of 10.x.x.x on the AT&T gateways. Several people have complained about that. Not sure how you're able to. You might consider resetting your Gateway to factory settings.

I was not clear perhaps. I did not set a LAN side subnet of 10.x on the gateway itself, the gateway automatically set a LAN side subnet of 10.x on my own router, the Linksys (after a reboot) while retaining the 192.164.1.254 on the Gateway itself. Does this make sense now?

If I reset the Linksys subset to anything other than 10.x the UVG will make it 10.x on the next UVG reboot.

Also more importantly, I have cleared the list of devices on the UVG. Could this help?

Apologies for not searching through all the posts, but has anyone tried this with an account setup for a block of static IPs? I'm looking at buying the service through a wholesaler but need to know if it can replace what I have now properly. My current gear is a Juniper SRX210 security gateway. It goes without saying that it can be made to do pretty much anything I want it do...and I want to keep it that way (NAT, application inspection, routing, ipv6, 6-in4 tunneling, 802.x1 proxying, VPN termination, BGP, MPLS, etc....)

My thoughts are that if you have the service the "regular" way, your DHCP lease will come from the pool of statics that you've bought. Then all that I'd need to do it identify the network/gatway addresses and transfer that to the hosts that are behind my current router/firewal now, reconfigure interfaces ,etc.

The problem is that I'm not sure the upstream interface of my device will still be able to get a DHCP lease once it's in "DMZ" mode. It's one of those things I could probalby hack around with and figure out if it works or not....but can't do without active service and a CPE to mess with.

I'm hoping someone else reading this has tried it with a /29 of public space and will share.

@dgeist, if you want to hand control of a public static subnet to your own router, you don't use DMZplus/IP Passthrough; you use the Cascaded Routersetting instead. Yes, it works. Had someone post that they successfully set it up in the past 24 hours.

You basically set up your router on the Gateway's basic LAN subnet. You then tell the Gateway that your router is the cascaded router, and give it the (public) subnet it's supposed to handle. You set up that subnet on the LAN side of your router (including giving that subnet's router address to the router's LAN interface). You can use DHCP (or not) and NAT (or not) as you choose, etc. The Gateway passes all of the traffic for that subnet to your router without handling it and passes any public traffic from your router on those addresses out.

Award for Community Excellence 2019 Achiever**I am not an AT&T employee, and the views and opinions expressed on this forum are purely my own. Any product claim, statistic, quote, or other representation about a product or service should be verified with the manufacturer, provider, or party.

Thanks, @JefferMC. That helps somewhat. I think in the simplest use case, that'd work fine. It basically adds an additional routed hop via the RFC1918 "internal" network on the gateway to the "external" interface on my router. The problem with that is if I have multiple internal subnets, some of which may not be routable space (since I have 3 that are private and one public). I use port translation on my current externally-facing public IP to do things like remote viewing on plex media server, etc.

Either I'd need to expose my internal private network as a routed network for the VDSL gateway to NAT for me when I go outbound (and use the features it hopefully has for port/IP translation). I also need to terminate a hurricane electric 6-in-4 tunnel on my "public address"...which would be challenging if not presense. I may still need to find some way to get the outside-facing public address living on my firewall/router.

... I may still need to find some way to get the outside-facing public address living on my firewall/router. ...

That's what DMZplus/IP passthrough is intended to do; but you have extra requirements. Maybe a product intended for the mass consumer requirements isn't what you need.

Award for Community Excellence 2019 Achiever**I am not an AT&T employee, and the views and opinions expressed on this forum are purely my own. Any product claim, statistic, quote, or other representation about a product or service should be verified with the manufacturer, provider, or party.

I am confused with your different options, I have a Pace 5268 as my router moden. The performance durinf online gaming was not satisfactory so I decided to install an Asus AC3100.

Because I needed to connect more than 4 devices directly to the modem and router, both LAN connections are active, and since I have problems comunicating reaching some devices connected to either the Pace or the Asus, I decided to have both wireless on with different name to avoid conflict.

Now my question is which of all the different setup options should be the right one to use in my case, regarding DHCP and of the Asus should be a router or an access point.

@cota348jb, SomeJoe7777 is no longer active in these forums, so I doubt you'll get an answer from him.

However, I think I can help you. If you are only interested in better Wi-Fi coverage, then what you want is post 13 in this thread, which describes how to connect a Wireless Router as if it were an Access Point. Briefly:

1) Lock the 2.4 GHz channel on the 5268 at one of 1, 6 or 11.

2) Lock the 2.4 GHz channel on the Asus at one of the other two of the list above.

3) Set the SSID, Access Passphrase and Security settings to match between the two

4) Turn off DHCP on the LAN side of the ASUS.

5) You have a choice here:

5a) Connect a LAN port of the ASUS to a LAN port of the 5268 via an "Ethernet cable"

5b) The ASUS likely has an Access Point setting in its firmware. You may chose that and connect the WAN port of the ASUS to the 5268ac.

6) Separate the two devices by at least a meter (or much further to provide better coverage of your home).

7) You may treat any of the ports on the ASUS as if they were on the 5268ac (EXCEPT U-verse IPTV equipment may not be connected to the 5268ac).

Award for Community Excellence 2019 Achiever**I am not an AT&T employee, and the views and opinions expressed on this forum are purely my own. Any product claim, statistic, quote, or other representation about a product or service should be verified with the manufacturer, provider, or party.

Which is it? Doesn't work or sounds too complicated? What is it that is too complicated? What is it that doesn't work? Can you be [a lot] more specific?

Award for Community Excellence 2019 Achiever**I am not an AT&T employee, and the views and opinions expressed on this forum are purely my own. Any product claim, statistic, quote, or other representation about a product or service should be verified with the manufacturer, provider, or party.